org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd

Class SQLStdHiveAccessControllerWrapper

java.lang.Object

org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessControllerWrapper

All Implemented Interfaces:

HiveAccessController

@InterfaceAudience.Private
public class SQLStdHiveAccessControllerWrapper
extends Object
implements HiveAccessController

Wrapper for SQLStdHiveAccessController that does validation of arguments and then calls the real object. Doing the validation in this separate class, so that the chances of missing any validation is small. Validations/Conversions to be done 1. Call SQLAuthorizationUtils.getValidatedPrincipals on HivePrincipal to validate and update 2. Convert roleName to lower case

Constructor Summary

Constructors

Constructor and Description
SQLStdHiveAccessControllerWrapper(HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx)

Method Summary

Modifier and Type	Method and Description
void	applyAuthorizationConfigPolicy(HiveConf hiveConf)
void	createRole(String roleName, HivePrincipal adminGrantor)
void	dropRole(String roleName)
List<String>	getAllRoles()
List<String>	getCurrentRoleNames()
List<HiveRoleGrant>	getPrincipalGrantInfoForRole(String roleName)
List<HiveRoleGrant>	getRoleGrantInfoForPrincipal(HivePrincipal principal)
void	grantPrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption)
void	grantRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc)
boolean	isUserAdmin()
void	revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption)
void	revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc)
void	setCurrentRole(String roleName)
List<HivePrivilegeInfo>	showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SQLStdHiveAccessControllerWrapper

public SQLStdHiveAccessControllerWrapper(HiveMetastoreClientFactory metastoreClientFactory,
                                         HiveConf conf,
                                         HiveAuthenticationProvider authenticator,
                                         HiveAuthzSessionContext ctx)
                                  throws HiveAuthzPluginException

Throws:

HiveAuthzPluginException

Method Detail

grantPrivileges

public void grantPrivileges(List<HivePrincipal> hivePrincipals,
                            List<HivePrivilege> hivePrivileges,
                            HivePrivilegeObject hivePrivObject,
                            HivePrincipal grantorPrincipal,
                            boolean grantOption)
                     throws HiveAuthzPluginException,
                            HiveAccessControlException

Specified by:

grantPrivileges in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

revokePrivileges

public void revokePrivileges(List<HivePrincipal> hivePrincipals,
                             List<HivePrivilege> hivePrivileges,
                             HivePrivilegeObject hivePrivObject,
                             HivePrincipal grantorPrincipal,
                             boolean grantOption)
                      throws HiveAuthzPluginException,
                             HiveAccessControlException

Specified by:

revokePrivileges in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

createRole

public void createRole(String roleName,
                       HivePrincipal adminGrantor)
                throws HiveAuthzPluginException,
                       HiveAccessControlException

Specified by:

createRole in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

dropRole

public void dropRole(String roleName)
              throws HiveAuthzPluginException,
                     HiveAccessControlException

Specified by:

dropRole in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

grantRole

public void grantRole(List<HivePrincipal> hivePrincipals,
                      List<String> roles,
                      boolean grantOption,
                      HivePrincipal grantorPrinc)
               throws HiveAuthzPluginException,
                      HiveAccessControlException

Specified by:

grantRole in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

revokeRole

public void revokeRole(List<HivePrincipal> hivePrincipals,
                       List<String> roles,
                       boolean grantOption,
                       HivePrincipal grantorPrinc)
                throws HiveAuthzPluginException,
                       HiveAccessControlException

Specified by:

revokeRole in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

getAllRoles

public List<String> getAllRoles()
                         throws HiveAuthzPluginException,
                                HiveAccessControlException

Specified by:

getAllRoles in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

showPrivileges

public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal,
                                              HivePrivilegeObject privObj)
                                       throws HiveAuthzPluginException,
                                              HiveAccessControlException

Specified by:

showPrivileges in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

setCurrentRole

public void setCurrentRole(String roleName)
                    throws HiveAuthzPluginException,
                           HiveAccessControlException

Specified by:

setCurrentRole in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

getCurrentRoleNames

public List<String> getCurrentRoleNames()
                                 throws HiveAuthzPluginException

Specified by:

getCurrentRoleNames in interface HiveAccessController

Throws:

HiveAuthzPluginException

getPrincipalGrantInfoForRole

public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName)
                                                 throws HiveAuthzPluginException,
                                                        HiveAccessControlException

Specified by:

getPrincipalGrantInfoForRole in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

getRoleGrantInfoForPrincipal

public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
                                                 throws HiveAuthzPluginException,
                                                        HiveAccessControlException

Specified by:

getRoleGrantInfoForPrincipal in interface HiveAccessController

Throws:

HiveAuthzPluginException

HiveAccessControlException

applyAuthorizationConfigPolicy

public void applyAuthorizationConfigPolicy(HiveConf hiveConf)
                                    throws HiveAuthzPluginException

Specified by:

applyAuthorizationConfigPolicy in interface HiveAccessController

Throws:

HiveAuthzPluginException

isUserAdmin

public boolean isUserAdmin()
                    throws HiveAuthzPluginException

Throws:

HiveAuthzPluginException